The FBI issued this week a Private Industry Notification (PIN) caution to warn organizations about the dangers of utilizing obsolete Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer. The alert comes after the recent assaults on the Oldsmar water treatment plant's network where assailants attempted to raise levels of sodium hydroxide, by a factor of more than 100. The investigation into the occurrence uncovered that operators at the plant were utilizing obsolete Windows 7 systems and poor account passwords, and the desktop sharing software TeamViewer which was utilized by the assailants to penetrate the network of the plant.
“The attempt on Friday was thwarted. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems, Sheriff Bob Gualtieri said in an interview,” reported Reuters.
The FBI alert doesn't explicitly advise associations to uninstall TeamViewer or some other sort of desktop sharing software but cautions that TeamViewer and other similar software can be abused if assailants gain access to employee account credentials or if remote access accounts, (for example, those utilized for Windows RDP access) are secured with frail passwords.
Moreover, the FBI alert likewise cautions about the continued use of Windows 7, an operating system that has reached end-of-life a year ago, on January 14, 2020, an issue the FBI cautioned US organizations about a year ago. This part of the warning was incorporated in light of the fact that the Oldsmar water treatment plant was all the while utilizing Windows 7 systems on its network, as indicated by a report from the Massachusetts government.
While there is no proof to suggest that the attackers abused Windows 7-explicit bugs, the FBI says that continuing to utilize the old operating system is risky as the OS is unsupported and doesn't get security updates, which presently leaves numerous systems exposed to assaults via newly discovered vulnerabilities. While the FBI cautions against the utilization of Windows 7 for valid reasons, numerous organizations and US federal and state agencies might not be able to do anything about it, barring a serious financial investment into modernizing IT foundation from upper management, something that is not expected at any point soon in many locations.